Navigating cyber risks during COVID-19

Record Point is an independent corporate advisory firm with operations in Sydney and San Francisco. We specialise in domestic and cross-border advisory services for public and private companies including mergers and acquisitions, capital raisings, corporate partnerships, debt advisory, restructuring, strategic reviews and valuations.

COVID-19’s arrival has marked a dramatic change for the world, giving rise to a humanitarian crisis and volatile conditions for financial markets and economies globally.  Further uncertainty lies ahead with countries bracing for further waves, whilst juggling difficult policy decisions that typically have opposite effects on the health crisis vs economic crisis. COVID’s impact has largely been indiscriminate, though there have been some resilient sectors – one clear example being cybersecurity.

Before the pandemic we were witnessing several technology trends play out.  These included the bifurcation of cloud and on-premise software, the rise of artificial intelligence and machine learning, and the need for traditional software to be retooled or re-imagined. In pursuit of the seemingly unlimited potential of the digital world, corporations have embraced these trends, however in doing so have inadvertently exposed themselves to new risks in the cyber world.

These risks have been well documented. An example is Equifax’s breach in 2017.  Hackers stole credit files on 147 million customers, leading to US$700 million in fines for the company.  Yahoo also famously suffered numerous data breaches from 2012 to 2016 (including one in 2013 that affected all 3 billion of its users). Finally, Facebook was recently fined US$5 billion for its privacy violations in relation to the Cambridge Analytica scandal. Perhaps what is more concerning is that adversaries are becoming more relentless and sophisticated, expanding their volume of attacks through different mediums.

The vulnerabilities of governments and corporations, along with privacy and consumer data protection now taking centre stage has created significant tailwinds for the cybersecurity industry. The path for innovation and investment across existing vendors and new entrants has opened up, with the market evolving into a fast-growing US$120 billion industry (forecast to grow to US$168 billion by 2023)1.

Throw in COVID-19 and companies need to be as alert as ever.  The pandemic has shifted workforces globally to working from home, thereby dramatically increasing the attack surface and vulnerabilities. Cyber threats and adversaries have demonstrated no conscience, indiscriminately targeting vulnerable sectors (e.g. hospitals and other critical institutions where technology bandwidth has already been stretched).

Attackers, including state nations, have opportunistically exploited “hysteria” in relation to COVID-19, leveraging tactics such as phishing campaigns, social media and malicious websites.  These tactics are all additive to the existing threat landscape which includes malware, distributed denial of service (DDOS) and botnets to name a few. Some alarming examples include:

In response to this, governments and corporates have heavily relied on a myriad of cybersecurity solutions and vendors.  We have seen a significant uptick in demand of cybersecurity tools to assist with the work from home environment.  Key examples include virtual private networks and multi-factor authentication.

However, despite all the tools available, employee education plays a key role in combating risks in the digital world. While phishing schemes can vary in complexity and size, the reality is that cyber criminals require very little resourcing to generate an exponentially large number of campaigns.  Research suggests that half of personal data breaches are a result of human negligence. Employees need to be diligent in diagnosing and reporting potential harms, for example spending the time to identify suspicious email addresses and domain names.

COVID-19 may not be the catalyst for all change, however we expect it to accelerate change.  With that, cyber innovation and its benefits will continue to flourish.  We are already seeing the likes of Zscaler, Crowdstrike and an ecosystem of start-ups flourish as companies continue to transition towards the cloud.  Virtual security operation centres will need to mobilise and an increased adoption of managed security service providers as a cost-effective cyber solution is likely to play out.

More recently, we have witnessed the Australian government announce a A$15 billion boost to protect Australia against state-sponsored hackers.  There have been several public allegations and finger pointing, all of which contribute to an uncertain new environment but highlight the critical role cybersecurity plays in the modern economy.

If you are interested in the cybersecurity or broader technology sectors and how they impact your business or investment plans, please feel free reach out to one of the Record Point team for a discussion.


(1) Represents global cybersecurity market (Source: Gartner Forecast: Information Security and Risk Management, Worldwide, 2017-2023, 3Q19 Update)

(2) As of June 2020


June 30th, 2020